Technology Risk Job Description
Technology risk
provides technical and direct leadership to the support team and when necessary hands on help using IT skills such as Windows Server (Admin / AD), Desktop PC, General Office/IT solutions and some backend database skills (SQL Server, MySQL, Oracle PL/SQL etc).
Technology Risk Duties & Responsibilities
To write an effective technology risk job description, begin by listing detailed duties, responsibilities and expectations. We have included technology risk job description templates that you can modify and use.
Sample responsibilities for this position include:
Advanced Persistent Threat analysis, preventative controls and mitigation techniques
Linux / Solaris platform architecture, engineering or analysis
Decipher attack motivations and techniques by analyzing network packet captures and log data
Review all findings and management responses to ensure the appropriate Technology managers are involved in the review process
Produce regular metrics reporting and escalation of items for attention
Working in collaboration with the Tech Risk team to build out tools and best practices
Perform PMO activities to manage the day-to-day progress of an exam
Conduct mock interviews to prepare managers for an exam
Assist in self assessments or pre-audits of certain areas
All aspects of the software development discipline, from design, implementation and deployment, through maintenance, extension and enhancement, for all aspects of the RADAR platform
Technology Risk Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Technology Risk
List any licenses or certifications required by the position: CISA, CISSP, CRISC, CIA, CPA, CISM, CTPRP, CIPP, QSA, ISA
Education for Technology Risk
Typically a job would require a certain level of education.
Employers hiring for the technology risk job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Business, Technology, Management, Information Technology, Engineering, Accounting, Education, MBA, Information Systems
Skills for Technology Risk
Desired skills for technology risk include:
ISO 27001/2
SQL
Techniques
Unix
Oracle
Linux
IT trends
Active Directory
IT leading practices to provide clients effective and practical recommendations
MySQL
Desired experience for technology risk includes:
Ability to operate in a business that is undergoing a high degree of organisational and strategic change
Familiarity with programming in a structured language (C++, Java)
Knowledge of data analytics, principles of risk analysis and capital regulation
Provide a point of coordination for various security related activities within the TRMIS group
Act as a point of coordination for various security related activities within the Digital Channel
Manage delivery of BTRM services and participate in DCTS sponsored cross-development and new technology programs
Technology Risk Examples
1
Technology Risk Job Description
Job Description Example
Our company is growing rapidly and is looking to fill the role of technology risk. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for technology risk
- Monitor through completion all technology related action plans including those identified during internal and external audits
- Lead and support Technology units in identifying, evaluating and assessing risks and controls via the Risk and Control Self-Assessment (RCSA) process
- Advise IT operations and solutions groups and business executives on the status of technology risks based on assessment results
- Facilitate annual assessments in support of SOX obligations
- Review all assessments with control owners to discuss what risks have been identified in the past, risk and controls currently in place and what has changed since (if anything)
- Assisting with the preparation and planning for all internal and external audits, including government agencies
- Work with WSS to implement single sign-on and provide user provisioning / certification
- Exposure to Agile / DevOps practices
- Review technology and security risk issues internal and external incidents in order to help inform the 2nd line of defense independent view of the overall technology and security risk posture of the Firm and its underlying legal entities
- Management of enterprise-wide projects with multiple stakeholders
Qualifications for technology risk
- Experience of operating within a control environment (risk, change management ) in IT
- Must be able to demonstrate excellent stakeholder management, communication and presentation skills
- Work with Technology teams to deliver Technology CSAs, including the identification of control gaps and agreement of remediation actions with Technology management
- Provide support to Technology staff and management to deliver Technology CSAs, ensuring accurate capture/reporting of the risk status
- Proven ability to produce and maintain effective working relationships across IT and the business, comfortable in a role that challenges senior stakeholders
- SOX Control – ensure appropriate controls are in place, test steps are accurate and narrative documentation is current
2
Technology Risk Job Description
Job Description Example
Our company is hiring for a technology risk. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for technology risk
- Monitoring of execution of remediation action plans for identified I&T risk gaps
- Ensuring IT risks are appropriately managed within the risk appetite tolerances and limits
- Providing transparency of risk exposures through implementing sound reporting for risk-based decision making
- Performing aggregation and reporting of IT risk metrics and data
- Executing at least monthly risk management meetings for each IT department to ensure risk transparency to all stakeholders
- Conducting quarterly SOX Risk and Control status assessment and reporting for each IT department
- Accountable for business resiliency risk oversight
- Provide leadership and direction across enterprise for proper planning, execution and escalation for business resiliency risk across all businesses and divisions
- Partner with business to design and implement the strategic business resiliency program
- Be key partner with business resiliency program team across business and IT to mature risk management capabilities
Qualifications for technology risk
- Hands on experience with at least one of the following aspects information Security - application security, network security, identity and access management, third party security, or 3 years of enterprise architecture experience
- Leads / performs project management activities, including project management of the implementation, user and developer engagement, system design, requirements gathering, and setting overall strategy within scope of reporting
- Effectively communicates project's objectives to users and ensures objectives are being met
- Minimum 3 years in a risk management and or/governance role
- Working knowledge of the firm’s business and of the financial services industry
- Experienced in managing process and ensuring high quality and timely delivery of product
3
Technology Risk Job Description
Job Description Example
Our company is searching for experienced candidates for the position of technology risk. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for technology risk
- Mentor other members on the team on security, risk, privacy and compliance topics
- Lead qualitative and quantitative risk assessments efforts on Information Technology, Information Security, Third Party Vendor, and other relevant company risks, recommend mitigation strategies, and work with internal partners to assign monitoring responsibility
- Lead self-assessments to determine control effectiveness and communicate results to internal partners and executive management
- Provide leadership of at least one direct report provide work direction to less experienced band 30's and 35's
- Facilitate deployment and maintenance of Technology risk and controls model within Asset Management Technology (AMT) teams using industry standard models (e.g., COBIT5, ITIL, NIST) as references
- Lead the strategic direction for development, deployment and maintenance of Technology risk/governance model for Asset Management Technology (AMT) using industry standard models (e.g.COBIT5, ITIL, NIST) as a reference
- Support the Operational Risk Management (ORM) process for AMT organization
- Identify and implement tools to automate and support AMT risk functions which includes documented processes, risks and controls and provide reporting of status
- Engage with Risk & Control Services (RCS) and other audit and compliance functions to align work and deliverables with the Technology operating model
- Create and conduct any Technology risk-related training
Qualifications for technology risk
- Coursework or experience in network security, computer security, vulnerability assessment, system design, encryption schemes
- 7+ years of expertise and professional experience in Technology Audit
- Track record of superior performance with emphasis on quality, ability to deliver timely results
- Ability to operate in a complex, fast paced, matrix environment
- Willingness to be hands-on and detailed oriented
- Industry certification – CISSP, CISA, GIAC
4
Technology Risk Job Description
Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of technology risk. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for technology risk
- Challenge business / functions and CIOs view of risk in strategic and tactical initiatives providing insight to the first line on key areas to address from a technology risk perspective
- Identify critical data assets and assess appropriate risk management
- Highlight technology risk in business strategies and implementation plans and identify risk of obsolescence or migration concerns in a quickly changing IT landscape
- Develop and refine technology risk goals and objectives, and challenge business / functions and CIO's prioritization of technology risk mitigation
- Provide regular reports on Technology Risk to show risk trends and provide insight on root cause and remediation options in collaboration with the business and IT teams
- Monitor new business initiatives for emerging technology risk and support the reporting and escalation in risk identification and evaluation
- Coordination with EI Tower Risk Officers to facilitate timely execution on the risk agenda
- Assist Senior Risk Officer with monthly collation of data for Divisional Risk Committee, Technology Risk Committee and regional committees as required
- Participate and contribute in risk officer forums
- Work with other stakeholder teams across the firm
Qualifications for technology risk
- Ability to rapidly prototype with stubs, mocks and simulations
- Must be able to quickly turn rough drafts into working implementations
- Exposure to enterprise-scale development is a significant plus
- Medium-to-large scale development skills
- Design skills, specifically with UI toolkits
- Demonstrated ability to work with development teams and clients who are dispersed across geographies and time zones
5
Technology Risk Job Description
Job Description Example
Our company is hiring for a technology risk. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for technology risk
- Implement IT risk management framework
- Ensure that the Technology risk management infrastructure and practices are consistent with regulatory expectations and industry sound practices
- Provide increased transparency and visibility to critical IT risks and monitor remediation initiatives
- Proactively identify potential risk exposures within new technology solutions being designed and implemented, and partner with Technology Risk Officer and Information Security groups to monitor appropriate solutions to mitigate exposure
- Utilize available risk management tools (Audit ratings, RCSA, KRIs, Loss event data, external events) in conjunction with other environmental changes to proactively monitor the Technology control environment and identify and address potential weaknesses and/or gaps in a timely manner
- Partner with Info Security Program Office to ensure consistency in the management of information assets under the company risk management policies
- Serve as a subject matter expert in technology risk, controls, compliance, and information security best practices
- Serves as liaison with other Risk stripes, internal departments, lines of business, Regulators and other external parties
- Participate in due diligence efforts for new clients, vendors and M&A activity, as needed
- Influence and drive improvement as it relates to Technology Risk
Qualifications for technology risk
- Strong information security, risk and controls experience
- Ability to manage across the FFIEC Risk Domains
- Understanding of systems development lifecycle and best practices
- Minimum PhD in Computer Science, Cyber-Security or Information Security
- Experience of developing enterprise security architecture
- Experience of performing architectural risk analysis and penetration testing